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PRE-APPEAL BRIEF IN RESPONSE TO ADVISORY ACTION 
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Mail Stop Appeal Brief - Patents 
Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Dear Sir: 

Applicants submit this brief in connection with the appeal of the above-identified 

case. 

REMARKS 

Claims 1-3, 5-15, and 17-21 are pending in the application. Reconsideration of 
the application in light of the following remarks is respectfully requested. 

L REJECTION OF CLAIMS 1-3. 5-15, AND 17-21 UNDER 35 U.S.C. S 103(a) 

Claims 1-3, 5-15, abd 17-21 were rejected under 35 U.S.C: § 103(a) as being 
unpatentable over U.S. Pub No. 20040128553 (Buer) in view of WO 01/05086 A2 
(Krishna) and further in view of U.S. Pub No. 20020129271 A1 (Stanaway). Reversal of 
the rejection is respectfully requested for at least the following reasons. 
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/. The combination ofBuer, Krishna, and Stanaway does not teach or 
suggest a security system comprising an output control system 
operable to receive at least a part of a decrypted payload of a 
subsequent packet before a status word of a preceding packet and 
the core module of the security system is operable to simultaneously 
decrypt and authenticate a packet payload, as recited in claims 1. 

Claim 1 is directed to a network interface system for interfacing a host system 
with a network to provide outgoing data from the host system to the network and to 
provide incoming data from the network to the host system. The network interface 
system comprises a security system operable to receive at least a part of a decrypted 
payload of a subsequent patent before a status word of a preceding packet. 

The Office Action concedes that Buer and Krishna do not teach or suggest an 
output control system operable to receive at least a part of a preceding packet before a 
status word of a preceding packet and a core module of the security system operable to 
simultaneously decrypt and authenticate a packet payload. In addition, further 
combining Stanaway to the teachings of Buer and Krishna does not remedy their 
deficiency. 

As highlighted in applicants' specification, a status word is different than payload 

data because it resides at the end of a packet, and includes trailers received from the 

network and information that the network interface system inserts at the end of the 

packet (see, e.g., page 8, line 27 - page 9 line 2). Claim 1 is not obvious by the 

combination of the cited references because the session discussed in Stanaway at 

paragraph 0019 is a user-VPN session that occurs after accessing a virtual private 

network wherein processing of the packets flows in sequential order with no mention 

of any out-of order processing wherein a part of a decrypted payload being 

received before the status words of a preceding packet. For example, Stanaway 

states in paragraph 0019 the following: 

If the present request for a VPN is not the first communication between 
security gateway and the user, the gateway controller accesses the 
previously negotiated SA (security association) from storage, stores it in 
the gateway data engine and binds it to the IP address of the user as 
assigned by the ISP. As subsequent packets are received in the same 
session the data engine accesses the Security Association (SA) bound to 
the assigned user IP address and properly decrypts the packet payload. 
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Stanaway explains that "subsequent packets" are received in the same session (i.e., the 
VPN session) and then decrypted. This teaches a sequential data flow processed in 
the order of packets received after a user VPN connection is established or 
authenticated and not an out of order processing as recited in claim 1. Then in 
paragraph 0020, Stanaway further explains that, "[alfter the user of a VPN is 
authenticated, VPN packets can be properly received and decrypted for 
communication. * This is very different from a decrypted payload of a subsequent 
packet being received before the status word of a preceding packet and the core 
module of the security system being operable to simultaneously decrypt and 
authenticate a packet payload, as recited in claim 1. 

As explained in the specification on page 10, lines 4-16, the result of 
authentication is the status word. Where the data is written "in-order," the decrypted 
data for a first packet is followed by the status word. This type of sequential order is 
what Stanaway performs according to the detailed description at paragraph 0020 
wherein after a VPN session is established by user name/password subsequent 
packets are received and then decrypted. Out-of-order writing means that decryption of 
the subsequent packet can begin prior to generating the status word for the current 
packet. Consequently, "in-order" processing, as explained by Stanaway is not 
operable to receive at least a part of a decrypted payload of a subsequent packet 
preceding before a status word of a preceding packet and the core module of the 
security system being operable to simultaneously decrypt and authenticate a 
packet payload, as recited in claim 1. Withdrawal of the rejection is therefore 
respectfully requested. 

The type of authentication in Stanaway is for establishing a virtual private 
network (VPN) connection which is different from decrypting and authenticating data 
packets for communication transmission between a network and a network peripheral, 
as appreciated by one of ordinary skill in the art. Establishing a VPN session requires a 
user name and/or password ID (see, paragraph 0018), as compared to transmission of 
data packets from a network to a network peripheral for communication which requires 
decrypting and authenticating the data packets. Therefore, Stanaway would render the 
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cited invention inoperable for purposes of establishing a VPN session by not 

authenticating the session and then receiving and decrypting packets. This is very 

different from what is claimed in claim 1 reciting a decrypted payload of a subsequent 

packet being received before the status word of a preceding packet and the core 

module of the security system being operable to simultaneously decrypt and 

authenticate a packet payload. 

if. The combination ofBuer, Krishna, and Stanaway does not teach or 
suggest a core module operable to decrypt completely the 
subsequent packet prior to authenticating the current packet, as 
recited in claim 13. 

Claim 13 recites a network interface system for interfacing a host system with a 
network to provide outgoing data from the host system to the network and to provide 
incoming data from the network to the host system. The network interface system 
comprises a core module operable to decrypt completely the subsequent packet prior to 
authenticating the current packet. 

The same rationale as above is reiterated by demonstrating that Stanaway 
explicitly teaches that "fajfter the user of a VPN is authenticated, VPN packets can 
be properly received and decrypted for communication/' Because subsequent packets 
are received and decrypted after authentication, Stanaway does not teach or suggest 
that a core module is operable to decrypt completely the subsequent packet prior to 
authenticating the current packet, as recited in claim 13. 

Stanaway further explains that subsequent packets are not completely decrypted 
prior to authenticating the current packet as recited in claims 1 and 13 at paragraph 
0028. Stanaway states that " fajfter the session is authenticated and the memory is 
written, data packets are received at the data engine." This is in contrast to claims 1 
and 13 and therefore withdrawal of the rejection is respectfully requested. 

Accordingly, reversal of this rejection is respectfully requested for at least the 
above reasons. 
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1L CONCLUSION 

For at least the above reasons, the claims currently under consideration are 
believed to be patentable over the cited references. Accordingly, it is respectfully 
requested that the rejections of the pending claims be reversed. 

For any extra fees or any underpayment of fees for filing of this Brief, the 
Commissioner is hereby authorized to charge the Deposit Account Number 50-1733, 
AMDP761US. 

Respectfully submitted, 
ESCHWEILER & ASSOCIATES, LLC 

By /Thomas G. Eschweiler/ 
Thomas G. Eschweiler 
Reg. No. 36,981 

National City Bank Building 
629 Euclid Avenue, Suite 1000 
Cleveland, Ohio 44114 
(216) 502-0600 



